
Privilege Escalation Flaw in Google’s Vertex AI Exposes ML Models

Dwain.B

15 Nov 2024

Researchers Warn of Security Risks in Machine Learning Pipelines

Cybersecurity researchers have uncovered two privilege escalation vulnerabilities in Google’s Vertex AI platform. Exploiting custom job pipelines and poisoned models, attackers could gain unauthorized access to Kubernetes clusters, exfiltrate sensitive ML models, and manipulate cloud resources. The flaws, which posed severe risks to proprietary data, have since been patched by Google. Experts emphasize the importance of auditing permissions and implementing strict deployment controls.


Read more about this critical vulnerability on The Hacker News here.
